An attacker exploited a <button class="define-target" id="smart-contract">smart contract</button> belonging to the 1inch <button class="define-target" id="dex">DEX</button> aggregator, stealing $5&nbsp;million in the USDC <button class="define-target" id="stablecoin">stablecoin</button> and <button class="define-target" id="wrapped-token">w</button>ETH. According to the platform, the vulnerability existed in "smart contracts using the obsolete Fusion v1 implementation", and the stolen funds belonged to resolvers (that is, entities that fulfill 1inch orders) rather than users.

Archived tweet

Tweet by 1inch: